USN-2319-2: OpenJDK 7 regression

Ubuntu Security Notice USN-2319-2

openjdk-7 regression

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

USN-2319-1 introduced a regression in OpenJDK 7.

Software description

openjdk-7
- Open Source Java implementation

Details

USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem.

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-4264)

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-4221, CVE-2014-4252, CVE-2014-4268)

Update instructions

The problem can be corrected by updating your system to the following
package version: